112 # same transaction where the entity is being created. This never occurs from |
112 # same transaction where the entity is being created. This never occurs from |
113 # the web interface but may occurs during test or dbapi connection (though |
113 # the web interface but may occurs during test or dbapi connection (though |
114 # not expected for this). So: don't do it, we pretend to ensure repository |
114 # not expected for this). So: don't do it, we pretend to ensure repository |
115 # consistency. |
115 # consistency. |
116 # |
116 # |
117 # also, we must not use unsafe_execute since we want the delete permission |
117 # XXX we don't want read permissions to be applied but we want delete |
118 # to be checked when some existing relation is deleted |
118 # permission to be checked |
|
119 rschema = session.repo.schema.rschema(rtype) |
119 if card[0] in '1?': |
120 if card[0] in '1?': |
120 rschema = session.repo.schema.rschema(rtype) |
|
121 if not rschema.inlined: # inlined relations will be implicitly deleted |
121 if not rschema.inlined: # inlined relations will be implicitly deleted |
122 session.execute('DELETE X %s Y WHERE X eid %%(x)s, NOT Y eid %%(y)s' % rtype, |
122 rset = session.unsafe_execute('Any X,Y WHERE X %s Y, X eid %%(x)s, ' |
123 {'x': eidfrom, 'y': eidto}, 'x') |
123 'NOT Y eid %%(y)s' % rtype, |
|
124 {'x': eidfrom, 'y': eidto}, 'x') |
|
125 if rset: |
|
126 safe_delete_relation(session, rschema, *rset[0]) |
124 if card[1] in '1?': |
127 if card[1] in '1?': |
125 session.execute('DELETE X %s Y WHERE NOT X eid %%(x)s, Y eid %%(y)s' % rtype, |
128 rset = session.unsafe_execute('Any X,Y WHERE X %s Y, Y eid %%(y)s, ' |
126 {'x': eidfrom, 'y': eidto}, 'y') |
129 'NOT X eid %%(x)s' % rtype, |
|
130 {'x': eidfrom, 'y': eidto}, 'y') |
|
131 if rset: |
|
132 safe_delete_relation(session, rschema, *rset[0]) |
|
133 |
|
134 def safe_delete_relation(session, rschema, subject, object): |
|
135 if not rschema.has_perm(session, 'delete', fromeid=subject, toeid=object): |
|
136 raise Unauthorized() |
|
137 session.repo.glob_delete_relation(session, subject, rschema.type, object) |
127 |
138 |
128 |
139 |
129 class Repository(object): |
140 class Repository(object): |
130 """a repository provides access to a set of persistent storages for |
141 """a repository provides access to a set of persistent storages for |
131 entities and relations |
142 entities and relations |